from flask import Flask, request, redirect, url_for, render_template_string
from flask_principal import Principal, Permission, RoleNeed, Identity, identity_changed, AnonymousIdentity, \
    identity_loaded, UserNeed, ActionNeed

app = Flask(__name__)
app.secret_key = 'super_secret_key'

# 初始化 Flask-Principal
principals = Principal(app)

# 定义一些权限
doc_ops_permission = Permission(ActionNeed('docOps'))
doc_review_permission = Permission(ActionNeed('docReview'))
doc_sign_permission = Permission(ActionNeed('docSign'))
user_mgmt_permission = Permission(ActionNeed('userMgmt'))
perm_mgmt_permission = Permission(ActionNeed('permMgmt'))
log_mgmt_permission = Permission(ActionNeed('logMgmt'))


# 模拟从数据库获取用户角色和权限的方法
def get_user_roles(user_id):
    roles_data = [
        {'role_name': 'sysAdmin'},
        {'role_name': 'secAdmin'},
        {'role_name': 'secAuditor'},
        {'role_name': 'auditor'},
        {'role_name': 'operator'}
    ]
    return [role['role_name'] for role in roles_data if user_id == 1]


def get_user_permissions(user_id):
    permissions_data = [
        [{'permission_name': 'docOps'}],
        [{'permission_name': 'docReview'}],
        [{'permission_name': 'docSign'}],
        [{'permission_name': 'userMgmt'}, {'permission_name': 'permMgmt'}],
        [{'permission_name': 'logMgmt'}]
    ]
    return [perm['permission_name'] for perm_list in permissions_data for perm in perm_list if user_id == 1]


# 加载用户身份
@app.route('/login')
def login():
    # 假设用户ID为1
    user_id = 1

    # 获取用户角色和权限
    roles = get_user_roles(user_id)
    permissions = get_user_permissions(user_id)

    # 设置身份
    identity = Identity(user_id)
    identity_changed.send(app, identity=identity)

    # 将角色添加到身份
    for role in roles:
        identity.provides.add(RoleNeed(role))

    # 将权限添加到身份
    for permission in permissions:
        identity.provides.add(ActionNeed(permission))

    return redirect(url_for('index'))


# 登出
@app.route('/logout')
def logout():
    identity_changed.send(app, identity=AnonymousIdentity())
    return redirect(url_for('index'))


# 身份加载事件处理
@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
    # 加载用户信息（这里假设用户信息已经存储在身份中）
    user_id = identity.id

    # 获取用户角色和权限
    roles = get_user_roles(user_id)
    permissions = get_user_permissions(user_id)

    # 添加角色到身份
    for role in roles:
        identity.provides.add(RoleNeed(role))

    # 添加权限到身份
    for permission in permissions:
        identity.provides.add(ActionNeed(permission))


# 主页
@app.route('/')
def index():
    return "Welcome to the Home Page!"


# 受保护的路由，需要 docOps 权限
@app.route('/doc_ops')
@doc_ops_permission.require(http_exception=403)
def doc_ops():
    return "You have access to Document Operations."


# 受保护的路由，需要 userMgmt 权限
@app.route('/user_management')
@user_mgmt_permission.require(http_exception=403)
def user_management():
    return "You have access to User Management."


# 受保护的路由，需要 logMgmt 权限
@app.route('/log_management')
@log_mgmt_permission.require(http_exception=403)
def log_management():
    return "You have access to Log Management."


if __name__ == '__main__':
    app.run(debug=True)



